How Crypto Gets Hacked: Issue #4
How Crypto Gets Hacked: Issue #4
BlockFi Fined, Defi Oversight, and a Story of the Almost-Scammed
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
BlockFi Fined
On Friday, February 11, Bloomberg reported that BlockFi was going to pay a $100 million fine for an unregistered securities violation from the SEC.
This was BlockFi’s response statement from their Twitter account:
I thought more new might come soon, but didn’t think it would be this soon.
On the following Monday, the SEC gave us the low down:
Washington D.C., Feb. 14, 2022 —
The Securities and Exchange Commission today charged BlockFi Lending LLC (BlockFi) with failing to register the offers and sales of its retail crypto lending product. In this first-of-its-kind action, the SEC also charged BlockFi with violating the registration provisions of the Investment Company Act of 1940. To settle the SEC’s charges, BlockFi agreed to pay a $50 million penalty, cease its unregistered offers and sales of the lending product, BlockFi Interest Accounts (BIAs), and attempt to bring its business within the provisions of the Investment Company Act within 60 days. BlockFi’s parent company also announced that it intends to register under the Securities Act of 1933 the offer and sale of a new lending product. In parallel actions announced today, BlockFi agreed to pay an additional $50 million in fines to 32 states to settle similar charges.
As some pointed out, BlockFi recently added a new feature out of the blue: a crypto wallet linked to your account, which would now be used to fund your account, withdraw from your account, and buy and sell new cryptoassets. The traditional “Interest Account,” which BlockFi is known for, could only be used to transfer funds in and out of your BlockFi wallet.
It seemed unnecessary: why add an extra step when you used to be able to all of this within the interest account itself? Unless of course this is the solution they came up with regulators.
And it seems like that’s the case, because BlockFi and the SEC are now referring to them as the “BlockFi Interest Accounts” (BIA’s). BlockFi says that you can continue to earn with existing funds in the BIA and can send and receive funds to the wallet, but you can no longer add funds to the BIA at this time. According to the SEC, they have 60 days in order to comply with the law, at which point they will have to file an S-1 and register a new securities product with the SEC: BlockFi Yield.
BlockFi today announced its intention to file or confidentially submit a draft registration statement on Form S-1 with the Securities and Exchange Commission (the "SEC") relating to the offering of BlockFi Yield, a new crypto interest-bearing security that would be available to our U.S. clients. The offering of BlockFi Yield is expected to occur after the SEC completes its review process and declares the S-1 registration statement effective. After the S-1 registration statement is declared effective, BlockFi Yield will be offered to new U.S. clients, as well as existing U.S. clients in exchange for their current BlockFi Interest Accounts ("BIAs").
My take: It will be interesting to see how and if this will affect DeFi protocols, but my suspicion is it won’t (for now). The SEC said they are going after “Crypto lending platforms offering securities like BlockFi’s BIAs,” which to me sounds more like Gemini Earn, Celsius, Voyager, Vauld, and all the other interest-earning crypto platform businesses. These platforms will either need to close, make offerings only for accredited investors, or get ready to file an S-1 and register with the SEC.
To get into DeFi you could give these platforms money and they do the DeFi work for you, or you could be doing this on your own through Aave, Compound, Uniswap, Balancer, or whoever. But the protocols themselves would need some type of new regulation, because there isn’t a company in existence they can fine and force to file. It’s just an open, automated system at this point, matching lenders with borrowers or buyers and sellers.
Lending platforms were a “slam dunk” issue for the SEC. Regulating DeFi protocols themselves will be tougher without changing the existing law. (See below)
DeFi Oversight may be on the Way
Elliptic recently wrote about a regulatory proposal that would throw a wrench into the DeFi space’s operations. In a 654 page proposed ruling (🤯), the SEC would include DeFi protocols under the definition of a securities exchange by including “systems that offer the use of non-firm trading interest and communication protocols to bring together buyers and sellers of securities.”
This would allow the SEC to start regulating DeFi protocols. They would need to start registering as exchanges or broker-dealers, even though most are highly decentralized and run autonomously.
I found this part particularly compelling, where the SEC seems to acknowledge the usefulness of the new technology, but is worried about the growing number of hacks and scams in the space and the lack of investor protection that has caused:
Advances in technology and innovation since Regulation ATS was adopted in 199816 have changed the methods by which securities markets bring together buyers and sellers of securities. As discussed further below, innovations in trading protocols have increased efficiencies and access to discover liquidity and prices, search for a counterparty, and agree upon the terms of a trade. Instead of using exchange markets that offer only the use of firm orders and provide matching algorithms, market participants are able to connect to numerous Communication Protocol Systems, which offer the use of protocols and non-firm trading interest to bring together buyers and sellers of securities. Communication Protocol Systems today perform similar market place functions of bringing together buyers and sellers as registered exchanges and ATSs and have become an increasingly preferred choice of trading venue, particularly for fixed income securities.
However, as a function of how Exchange Act Rule 3b16 currently defines the terms in Section 3(a)(1) of the Exchange Act, Communication Protocol Systems do not fall within the definition of exchange. As a result, Communication Protocol Systems are not subject to the same regulatory requirements as registered exchanges and ATSs and the investors using them do not receive the investor protection, fair and orderly markets, transparency, and oversight benefits stemming from exchange regulation. Further, by Communication Protocol Systems falling outside the definition of exchange, a disparity has developed among similar markets that bring together buyers and sellers of securities, in which some are regulated as exchanges and others are not. This regulatory disparity can create a competitive imbalance and a lack of investor protections.
We’ll have to wait and see where this leads. There is already a dissenting opinion by Hester Pierce of the SEC, so it seems like not everyone is on board with this decision. But Gary Gensler wants to create regulatory clarity in the space and have the authority to regulate DeFi protocols, and he may push to get this through.
Rich ETH Holder Targeted by Scammers
I encourage you to read the story in the Twitter thread above. He explains how he was targeted by a highly coordinated team of scammers who were attempting to steal his ETH.
Either he was targeted by an “Ocean’s Eleven” type group who knew how to create NFTs, perform social engineering, and create 3D mockups of aircraft designs,
OR
This was some sort of state-sponsored operation to steal his stockpile of ETH.
Maybe we’ll never know. But the lesson here is to be careful out there.
Thanks for reading!